At week's end many discuss the shifting and often difficult-to-discern relationships among various threat actors. Vanity Fair's profile of the late Junaid Hussain, the ISIS/Daesh Internet operator who got his start in the allegedly Anonymous-connected TeamP0is0n, offers a tutorial on line-crossing in cyberspace.
In Russia and the Near Abroad, CyberBerkut is back in the news, as is APT28, and here again one sees the difficulty of distinguishing cut-outs, fronts, and sock puppets from hacktivist or criminal groups. CyberBerkut, although it clearly acts in the interests of Russian policy, seems to observers to be composed of Ukrainian hackers. And APT28 may or may not be state actors or just Russian criminals — or perhaps both. FireEye's director of threat intelligence talks to SC Magazine about the complexities behind the simple statement "[Country X] did it."
How to respond in cyberspace to ISIS remains a vexed question. The Saudi-led anti-terror coalition erected this week with much éclat seems to be crumbling with equal éclat, as some members say membership therein was news to them. And as investigations in Paris and San Bernardino reveal more about terrorist Internet inspiration and use, some law professors wonder why police couldn't treat visits to Daesh websites the way they treat visits to child-exploitation sites.
Juniper Networks discloses and swiftly patches a flaw in NetScreen firewalls. Cisco does the same with a root-access bug in an Application Policy Infrastructure Controller.
CryptoLocker and TeslaCrypt circulate through new vectors. CryptoLocker, says Heimdal, is troubling Scandinavian users of PostNord.